Biometrics and biometric data: What is it and is it secure?
Biometrics are part of the cutting edge of technology. Put simply, biometrics are any metrics related to human features. The most common examples of a biometric recognition system is the iPhone’s fingerprint and facial recognition technology. As an emerging technology, biometric systems can add great convenience by replacing passwords and helping law enforcement catch criminals. Biometric identifiers also act as access control in secure environments, both physical and digital. But the first question you should ask is: Is my biometric data secure from identity theft?
What are biometrics and what is biometric data used for?
Biometrics are a way to measure a person’s physical characteristics to verify their identity. These can include physiological traits, such as fingerprints and eyes, or behavioral characteristics, such as the unique way you'd complete a security-authentication puzzle. To be useful, biometric data must be unique, permanent and collectible. Once measured, the information is compared and matched in a database.
Every time you unlock a smartphone screen with a facial recognition, ask Siri for a weather update, or log in to your online bank account using your fingerprint, you're using biometrics. You might use the technology every day to authenticate your identity or communicate with a personal device, but there are plenty of other uses for biometrics.
For example, police can collect DNA and fingerprints at crime scenes or may use video surveillance to analyze a suspect’s gait or voice. In medicine, wellness exams might include retinal scans or genetic tests. And when you use a credit card at a cash register, you'll probably supply a signature, which can be analyzed if the issuer suspects forgery.
Biometric data types
Biometric data types vary. Here are six.
- Face recognition. Measures the unique patterns of a person’s face by comparing and analyzing facial contours. It’s used in security and law enforcement but also as a way to authenticate identity and unlock devices like smartphones and laptops.
- Iris recognition. Identifies the unique patterns of a person’s iris, which is the colorful area of the eye surrounding the pupil. Although widely used in security applications, it isn’t typically used in the consumer market.
- Fingerprint scanner. Captures the unique pattern of ridges and valleys on a finger. Many smartphones and some laptops use this technology as a type of password to unlock a screen.
- Voice recognition. Measures the unique sound waves in your voice as you speak to a device. Your bank may use voice recognition to verify your identity when calling about your account, or you’ll use it when giving instructions to a smart speaker like Amazon's Alexa.
- Hand geometry. Measures and records the length, thickness, width, and surface area of a person’s hand. These devices date back to the 1980s and were typically used in security applications.
- Behavior characteristics. Analyzes the way you interact with a computerized system. Keystrokes, handwriting, the way you walk, how you use a mouse, and other movements can assess who you are or how familiar you are with the information you’re entering.
How do biometrics work?
If you’ve ever put your fingerprint into a device, you have a vague idea of how biometrics work. Basically, you record your biometric information, in this case a fingerprint. The information is then stored, to be accessed later for comparison with “live” information. Anyone else in the world can put their finger on your device’s touch circle and it’s highly unlikely to open your phone.
Fingerprints are just one form of biometrics. One of the emerging forms of biometric technology is eye scanning. Usually the iris is scanned. Handwriting, voiceprints and the geometry of your veins are other biometrics that are uniquely yours and useful for security applications.
A biometric system consists of three different components:
- Sensor. This is what records your information, as well as reads it when your biometric information needs to be recognized.
- Computer. Whether you’re using your biometric information to access a computer or something else, there has to be a computer storing the information for comparison.
- Software. The software is basically whatever connects the computer hardware to the sensor.
Biometric data is common on smartphones like Apple’s iPhone and some Android devices. Laptops and other computing devices are increasingly relying on biometric systems, and the trend has only just begun. Biometric authentication and biometric identification is an exceptionally secure way to log in to your devices and various services. Plus, it can remove the hassle of remembering dozens of account passwords.
While biometric systems provide convenience to commercial users, U.S. law enforcement agencies like the FBI and Department of Homeland Security also use biometrics. The original biometric was the ink-fingerprint process still used by law enforcement today. The rise of biometric identification has helped law enforcement agencies in major ways, but like any technology, this personal information can be misused by cybercriminals, identity theft scammers, and others in the case of a data breach.
Are biometrics safe?
There are serious privacy concerns when it comes to biometrics. Some of the major issues identified with biometrics include these:
- Any collection of data could eventually get hacked. High-profile data may be an especially attractive target for hackers. The good news is that high-profile data tends to be secured on a stronger level. However, as biometrics become more common, your biometric information will likely be available in more places which may not employ the same level of secure storage.
- Biometrics may become so commonplace that people become complacent. They might not use the kind of common-sense security measures that they use today because they think that biometrics will solve all of their security problems.
- The data stored in a biometric database may be more vulnerable than any other kind of data. You can change passwords. You can’t change your fingerprint or iris scan. This means that once your biometric data has been compromised, it may no longer be in your control.
- Some pieces of your physical identity can be duplicated. For example, a criminal can take a high-resolution photo of your ear from afar or copy your fingerprints from a glass you leave at a cafe. This information could potentially be used to hack into your devices or accounts.
- Laws governing biometrics are a work in progress, meaning your rights might be different from state to state. However, federal lawmakers may eventually create a cohesive law to address biometric privacy.
How to help protect your biometric data
There are some common-sense security measures you can make to help protect your biometric data, including these:
- Strong passwords mean that it’s harder to steal your data by simply cracking your password. Keeping your biometric information in only a few, limited places gives hackers fewer places to breach your data.
- One of the best ways to help secure your devices is to keep your software current. When your device manufacturer notifies you of an available software update or patch, install it right away to help reduce the opportunity of your device being vulnerable to security flaws. It’s especially important to keep your operating system and Internet security software current.
- If you're worried about the security of your biometric data, sometimes you can opt out of providing it. Consider a smartphone that doesn’t require fingerprint authentication, or choose not to use facial recognition software. You can also disable facial recognition in your Facebook settings.
Biometric data could make the world more secure and more convenient. Following common-sense guidelines for security can play a role in helping to protect your privacy.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.